A recent study has revealed seven out of ten retail and financial applications are vulnerable to Heartbleed-like attacks due to input validation violations.
Software testing company CAST performed the research in an effort to show that the growing number of data breaches and security incidents can be directly linked to poor code quality, according to a press release.
The research was based on the analysis of more than 1,300 applications from more than 200 enterprises, comprising nearly 700 million lines of code.
The flaw in input validation, caused by poor code quality, allows attackers to execute malicious code placed in the input field where customers enter their personal information. This type of attack recently came to light after the discovery of the ‘Heartbleed’ vulnerability back in April, which exposed an estimated 60 percent or more of Internet servers.
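The Heartbleed-class defect the article refers to is a length value taken from the input and trusted without being checked against the bytes actually received. The following is an added illustration, not code from the article or from CAST; the record format (a 2-byte big-endian length followed by the payload) and the function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record format: [len_hi][len_lo][payload...]
   The handler echoes the payload back, which is the shape of the
   vulnerable code class: a declared length that must be validated. */
#define ECHO_MAX 64

/* Returns the number of payload bytes copied into 'out', or -1 if the
   record fails validation. The comparison against rec_len is the check
   whose absence lets a small record with a large declared length cause
   an over-read of adjacent memory. */
int echo_record(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_len)
{
    if (rec == NULL || out == NULL || rec_len < 2)
        return -1;                         /* header must be complete */
    size_t declared = ((size_t)rec[0] << 8) | rec[1];
    if (declared > rec_len - 2)
        return -1;                         /* claims more bytes than were received */
    if (declared > out_len)
        return -1;                         /* would overflow the reply buffer */
    memcpy(out, rec + 2, declared);
    return (int)declared;
}

/* Helper (constructed for testing): builds a record whose header claims
   'claimed' bytes but which actually carries 'actual' bytes of payload. */
int echo_with_claim(size_t claimed, size_t actual)
{
    uint8_t rec[2 + ECHO_MAX];
    uint8_t out[ECHO_MAX];
    if (actual > ECHO_MAX || claimed > 0xFFFF)
        return -2;                         /* outside what the helper can build */
    rec[0] = (uint8_t)(claimed >> 8);
    rec[1] = (uint8_t)(claimed & 0xFF);
    memset(rec + 2, 'A', actual);
    return echo_record(rec, 2 + actual, out, sizeof out);
}
```

A record whose header claims 16384 bytes while carrying 4 is rejected rather than copied, which is the difference between a validated and an unvalidated length field.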
“Businesses handling customer financial information have a responsibility to improve software quality and reduce the operational risk of their applications – not only to protect their businesses, but ultimately their customers,” said CAST EVP Lev Lesokhin.
Additional findings from CAST’s research include:
- Government IT had the highest percentage (61 percent) of applications without any input validation violations
- Independent software vendors had the lowest percentage (12 percent) of applications without any input validation violations
- The financial services industry had 224 input validation violations per application
CAST chief scientist Dr. Bill Curtis stated these results can help prove software security is as important as software quality, adding: “Badly-constructed software won’t just cause systems to crash, corrupt data, and make recovery difficult, but also leaves numerous security holes.”
The findings are a part of ongoing research and the firm plans to publish its final 2014 CRASH Report in September.